GHSA-4542-p56h-8xww

Source
https://github.com/advisories/GHSA-4542-p56h-8xww
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-4542-p56h-8xww/GHSA-4542-p56h-8xww.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-4542-p56h-8xww
Published
2024-06-05T17:24:16Z
Modified
2024-12-02T05:38:18.226650Z
Summary
Cross-Site Scripting (XSS) vulnerabilities in Neos
Details

It has been discovered that Neos is vulnerable to several XSS attacks. Through these vulnerabilities, an attacker could tamper with page rendering, redirect victims to a fake login page, or capture user credentials (such as cookies). With the potential backdoor upload, an attacker could gain access to the server itself, to an extent mainly limited by the server setup.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-06-05T17:24:16Z"
}
References

Affected packages

Packagist / typo3/neos

Package

Name
typo3/neos
Purl
pkg:composer/typo3/neos

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.2.0
Fixed
1.2.13

Affected versions

1.*

1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.2.9
1.2.10
1.2.11
1.2.12

Packagist / typo3/neos

Package

Name
typo3/neos
Purl
pkg:composer/typo3/neos

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.0
Fixed
2.0.4

Affected versions

2.*

2.0.0
2.0.1
2.0.2
2.0.3